CVE-2022-0735

CRITICAL NUCLEI

GitLab CE/EE <14.6.5-14.8.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0735. PoCs published by exploitintel. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-0735, demonstrating an information disclosure vulnerability in GitLab CE/EE that leaks runner tokens, which can be chained to achieve remote code execution via rogue runner registration.

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.

Exploits (1)

github WORKING POC 3 stars

by exploitintel · cpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2022-0735

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-0735, demonstrating an information disclosure vulnerability in GitLab CE/EE that leaks runner tokens, which can be chained to achieve remote code execution via rogue runner registration.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: GitLab CE/EE (versions >=12.10 <14.6.5, >=14.7 <14.7.4, >=14.8 <14.8.2)

No auth needed

Prerequisites: Vulnerable GitLab instance · Public project or authenticated access to a private project

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 19, 2026 Full analysis →

Nuclei Templates (1)

GitLab CE/EE - Information Disclosure

CRITICALby GitLab Red Team

Shodan: http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"

FOFA: title="gitlab"

References (2)

Core 2

Core References

Broken Link x_refsource_misc

https://gitlab.com/gitlab-org/gitlab/-/issues/353529

Vendor Advisory x_refsource_confirm

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json

Scores

CVSS v3 10.0

EPSS 0.7345

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (1)

gitlab/gitlab 12.0 - 14.6.5 (2 CPE variants)

Published Mar 28, 2022

Tracked Since Feb 18, 2026